The Google Chromecast has been rooted less than a week after it was launched, and it seems the dongle runs a modified version of Google’s T.V. software, instead of Chrome OS as the company claimed.
When Google unveils a new device, you can rest assured someone out there is going to get right down to finding a way to obtain access to its software innards. The search giant unveiled the Chromecast, a $35 dongle that lets people stream media between two connected devices (e.g.: between your T.V. and Android phone/tablet) on Wi-Fi, less than a week ago, and the folks over at GTV Hacker have already obtained root access to it.
Google claims the Chromecast runs a stripped down version of Chrome OS, but GTV Hacker believes otherwise. “We had a lot of internal discussion on this, and have concluded that it’s more Android than ChromeOS,” says GTV Hacker. “To be specific, it’s actually a modified Google TV release, but with all of the Bionic / Dalvik stripped out and replaced with a single binary for Chromecast.”
Root access was gained by booting an unsigned kernel on the device from a USB key connected via a USB-OTG cable, which let the team “spawn a root shell on port 23,” aided by the fact that Google was kind enough to release the bootloader source code. Here’s how they describe the process:
By holding down the single button, while powering the device, the Chromecast boots into USB boot mode. USB boot mode looks for a signed image at 0x1000 on the USB drive. When found, the image is passed to the internal crypto hardware to be verified, but after this process the return code is never checked! Therefore, we can execute any code at will.
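The flaw described above, reduced to its pattern, as an added C example that is not GTV Hacker's code or Google's bootloader source. The function names, return codes and the "SIGN" trailer standing in for a real signature are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VERIFY_OK   0
#define VERIFY_FAIL (-1)

/* Constructed sample images; the 4-byte "SIGN" trailer stands in for a signature. */
static const uint8_t SIGNED_IMG[]   = {'k','e','r','n','S','I','G','N'};
static const uint8_t UNSIGNED_IMG[] = {'k','e','r','n','x','x','x','x'};

/* Hypothetical stand-in for the crypto hardware call (not a real signature check):
 * VERIFY_OK only when the image ends with the expected trailer. */
static int hw_verify_image(const uint8_t *img, size_t len) {
    static const uint8_t tag[4] = {'S','I','G','N'};
    if (img == NULL || len < sizeof tag) return VERIFY_FAIL;
    return memcmp(img + len - sizeof tag, tag, sizeof tag) == 0 ? VERIFY_OK : VERIFY_FAIL;
}

/* Flawed pattern: the verifier runs but its result is discarded, so every image
 * is accepted. Declaring the verifier with GCC/Clang's warn_unused_result
 * attribute would make the compiler flag this call. Returns 1 = image booted. */
int usb_boot_unchecked(const uint8_t *img, size_t len) {
    hw_verify_image(img, len);
    return 1;
}

/* Corrected pattern: fail closed. Boot only on an explicit VERIFY_OK, so any
 * error or unexpected return value rejects the image. Returns 0 = refused. */
int usb_boot_checked(const uint8_t *img, size_t len) {
    int rc = VERIFY_FAIL;              /* default to failure */
    rc = hw_verify_image(img, len);
    if (rc != VERIFY_OK) return 0;
    return 1;
}

int main(void) {
    printf("unchecked, unsigned image: %d\n", usb_boot_unchecked(UNSIGNED_IMG, sizeof UNSIGNED_IMG));
    printf("checked,   unsigned image: %d\n", usb_boot_checked(UNSIGNED_IMG, sizeof UNSIGNED_IMG));
    printf("checked,   signed image:   %d\n", usb_boot_checked(SIGNED_IMG, sizeof SIGNED_IMG));
    return 0;
}
```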
Now, while the cute little dongle seems to have more in common with Android than Google’s web-based OS, users will not be able to install Android apps on it, but the group isn’t ruling out the possibility that it could one day be turned into a “Google TV stick,” perhaps with a few features of the company’s T.V. software making their way to the Chromecast.
Of course, Google could roll out a software update to patch the exploit, but knowing the perseverance of the modding community, any protection against such exploits will no doubt be broken sooner or later. If you’re interested, hit the source link for instructions and download links to the exploit, as well as more details on how GTV Hacker pulled it off.
Source: GTV Hacker